“Operation Protect Our Children” Accidentally Shutters 84,000 Sites

Editor’s Note: The following is a guest post by Jerry Brito, a policy wonk and web developer based in Washington, D.C.

What if you woke up one morning and your blog’s URL pointed to a Department of Homeland Security page that said, “Website seized for trafficking in child pornography”? That’s what happened to 84,000 innocent site owners this week, and there’s no guarantee it won’t happen again.

Over the past few months, Homeland Security’s Immigration and Customs Enforcement (ICE) division has been seizing the website domain names of alleged copyright and trademark infringers. Days before the Super Bowl, it seized the web addresses of 10 sites accused of offering illegal streaming video of sports events, and just before Valentine’s Day it took down 18 sites selling counterfeit goods from Prada bags to Tiffany earrings.

So far so good, since it’s perfectly legitimate for ICE to target the bad guys. But critics of the seizures point to a seeming lack of due process. The feds determine a site to be infringing and ask a judge to sign a seizure warrant that tells the site’s domain name company to transfer control of the domain name to the government, which then points it to a “seized by DHS” page. The problem is the warrants are issued ex parte, which means that the targeted website owners are not notified and don’t have an opportunity to present their side of the story to the judge.

Fast forward to last Tuesday when DHS announced that it had seized 10 domain names allegedly involved in advertising or distributing child pornography. Caught up in that sweep, however, were 84,000 innocent domains, all of which were redirected to the imposing “seized for child porn” banner, which announced that “Advertisement, distribution, transportation, receipt, and possession of child pornography constitute federal crimes that carry penalties for first time offenders of up to 30 years in federal prison, a $250,000 fine, forfeiture and restitution.” Exactly how this happened is unclear, but one likely scenario could have been prevented with better due process.

The affected sites were all subdomains of free domain host mooo.com, which is run by FreeDNS. If you want a free domain name, you can go to FreeDNS and get a subdomain like MyBlog.mooo.com or MySite.mooo.com. It’s possible that DHS was targeting an illegal subdomain like “ChildPorn.mooo.com,” but went too far and seized the entire mooo.com domain, affecting every other site. If FreeDNS had been notified and given an opportunity to tell their side to the judge, the problem may have been avoided.

A bill introduced in Congress last year, and being taken up again this week, would expand the federal government’s ability to seize allegedly illegal website domains. This most recent snafu should make the debate a little more lively.

Jerry Brito is a contributor to TIME. Find him on Twitter at @jerrybrito. You can also continue the discussion on TIME’s Facebook page and on Twitter at @TIME.